Well, it was a breach of both privacy and the bank's customer database and therefore it was a Federal criminal offense, so I would say that you should file a SAR.
As this breach has now been identified as having happened, then I would suggest that an IT forensic examination be conducted on this former employee either in-house or hire it done. Your data breach contingency plans should be kicking in full stream. If this former employee did this, imagine what else they could have taken.
You also need to call your regulator directly. They take a dim view of this and have been known to ban people from ever working in a financial institution again for such stupid actions.
If your CEO or President know the higher ups in this other bank, they might want to give them a courtesy call (not to mention the SAR of course) but to give them a heads up on what transpired and that if the bank lands that other customer's account, they can fully expect hearing from the bank's attorney.
_________________________
The opinions expressed here should not be construed to be those of my employer:
PPDocs.com